resource "google_compute_organization_security_policy" "<%= ctx[:primary_resource_id] %>" {
  provider = google-beta

  display_name = "tf-test%{random_suffix}"
  parent       = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
}

resource "google_compute_organization_security_policy_rule" "<%= ctx[:primary_resource_id] %>" {
  provider = google-beta

  policy_id = google_compute_organization_security_policy.<%= ctx[:primary_resource_id] %>.id
  action = "allow"

  direction = "INGRESS"
  enable_logging = true
  match {
    config {
      src_ip_ranges = ["192.168.0.0/16", "10.0.0.0/8"]
      layer4_config {
        ip_protocol = "tcp"
        ports = ["22"]
      }
      layer4_config {
        ip_protocol = "icmp"
      }
    }
  }
  priority = 100
}
